CVE-2024-42327

EUVD-2024-39873
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
ZabbixCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
zabbixzabbix
6.0.0 ≤
𝑥
< 6.0.32
zabbixzabbix
6.4.0 ≤
𝑥
< 6.4.17
zabbixzabbix
7.0.0 ≤
𝑥
< 7.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bookworm
vulnerable
bullseye
1:5.0.8+dfsg-1
not-affected
bullseye (security)
1:5.0.46+dfsg-1+deb11u1
fixed
sid
1:7.0.10+dfsg-2
fixed
trixie
1:7.0.10+dfsg-2
fixed
Common Weakness Enumeration
References
https://support.zabbix.com/browse/ZBX-25623